EP2182439A1 - Method of managing data sent over the air to an applet having a restricted interface - Google Patents

Method of managing data sent over the air to an applet having a restricted interface Download PDF

Info

Publication number
EP2182439A1
EP2182439A1 EP08305743A EP08305743A EP2182439A1 EP 2182439 A1 EP2182439 A1 EP 2182439A1 EP 08305743 A EP08305743 A EP 08305743A EP 08305743 A EP08305743 A EP 08305743A EP 2182439 A1 EP2182439 A1 EP 2182439A1
Authority
EP
European Patent Office
Prior art keywords
data
session
session manager
electronic device
portable electronic
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP08305743A
Other languages
German (de)
French (fr)
Inventor
Patrice Amiel
Grégory Valles
Stéphane Poujol
Eric Therene
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Thales DIS France SA
Original Assignee
Gemalto SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Gemalto SA filed Critical Gemalto SA
Priority to EP08305743A priority Critical patent/EP2182439A1/en
Priority to PCT/EP2009/063162 priority patent/WO2010049252A1/en
Publication of EP2182439A1 publication Critical patent/EP2182439A1/en
Withdrawn legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/54Interprogram communication
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/50Service provisioning or reconfiguring
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/30Security of mobile devices; Security of mobile applications
    • H04W12/35Protecting application or service provisioning, e.g. securing SIM application provisioning
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2209/00Indexing scheme relating to G06F9/00
    • G06F2209/54Indexing scheme relating to G06F9/54
    • G06F2209/541Client-server

Definitions

  • the present invention relates to methods of managing data sent over the air to an applet having a restricted interface. It relates particularly to methods of sending data to applets which are reachable through a limited number of protocols only. In particular, the present invention is well suited for sending data to applets embedded in a portable electronic device like smart cards.
  • a portable electronic device such as a smart card may contain applications in the form of applets. These applets may be accessed by a remote server via an over the air channel, known as OTA.
  • OTA mechanism is defined by the ETSI SCP 102.225 and ETSI-SCP 102.226 standards.
  • the OTA channel allows accessing data and applications which have been specifically developed for SIM cards. Only smart cards intended to be used in Telecom domain are able to manage an OTA communication. In particular SIM cards offer OTA features. On the contrary smart cards intended to be used in domain such as Banking, Loyalty, or Security access do not offer OTA features. These smart cards may be accessed through an I/O communication channel in contact mode or in contactless mode.
  • APDU stands for Application Protocol Data Unit in accordance with the ISO 7816-4 standard. Applets developed for these smart cards are designed with an Application Programming Interface (API) dedicated to I/O communication. In other words, such applets are able to process incoming and outgoing data in the form of APDU format only.
  • API Application Programming Interface
  • applets designed for I/O communication may be integrated in smart cards designed for the Telecom domain.
  • applets designed for I/O communication are already validated and approved by certification audits, these applets must be kept unchanged. Thus it is not possible to update these applets to add an API able to manage data according to OTA format.
  • the OTA communication must follow specific rules which are different from rules of I/O communication.
  • An object of the invention is to solve the above mentioned technical problem.
  • the object of the present invention is a method of managing data sent Over The Air by a server to a portable electronic device which comprises a targeted applet.
  • the method comprises the step of sending an OTA script from the server to the portable electronic device, said OTA script comprising selection data, session data and applicative data.
  • the method comprises the step of extracting the selection data from the OTA script, said selection data being extracted by a session manager embedded in the portable electronic device.
  • the method comprises the step of selecting the targeted applet by using the selection data, said selecting step being carried out by the session manager.
  • the method comprises the step of extracting the session data from the OTA script, said session data being extracted by the session manager.
  • the method comprises the step of establishing a secured session with the targeted applet, said secured session being established by the session manager by using the session data.
  • the method comprises the step of extracting the applicative data from the OTA script, said applicative data being extracted by the session manager.
  • the method comprises the step of sending the applicative data to the targeted applet, said applicative data being sent in the form of APDU format.
  • the method may comprise the further step of sending a second OTA script from the server to the portable electronic device, said second OTA script comprising additional data intended to be transmitted to the targeted applet.
  • the method may comprise the further step of extracting the additional data from the second OTA script, said additional data being extracted by the session manager.
  • the method may comprise the further step of sending the additional data to the targeted applet through said secured session.
  • the method may comprise the further step of unselecting the targeted applet when a preset event occurs, said unselecting step being carried out by the session manager.
  • the portable electronic device may be of smart card type.
  • the secured session may be of SCP02 type or of Calypso ® type.
  • the portable electronic device may comprise a security domain and the method may comprise the further step of requesting the security domain to open a second secured session between the server and the session manager, said requesting step being performed by the session manager.
  • the session manager and the security domain may be merged in a single entity.
  • the method may comprise the further step of deciphering a part or totality of said applicative data according to parameters of the second secured session and a further step of ciphering a part or totality of said applicative data according to parameters of the secured session established with the targeted applet.
  • the OTA script may contain data intended to personalize the targeted applet.
  • the method may comprise the further step of generating the OTA script from a personalization script intended to be sent through a I/O contact interface.
  • the portable electronic device is intended to be connected to a mobile terminal.
  • the portable electronic device is intended to receive an OTA script from a server wherein the OTA script comprises selection data, session data and applicative data.
  • the portable electronic device comprises a microprocessor, a communication interface, an operating system, a working memory and a first non volatile memory.
  • the portable electronic device is intended to comprise a targeted applet and comprises a session manager able to extract said selection data, said session data and said applicative data from the OTA script.
  • the session manager is capable of selecting the targeted applet by using the selection data.
  • the session manager is capable of establishing a secured session with the targeted applet by using the session data.
  • the session manager is capable of sending the applicative data to the targeted applet in the form of APDU format.
  • the portable electronic device may be intended to receive a second OTA script from said server.
  • the second OTA script may comprise additional data intended to be transmitted to the targeted applet.
  • the session manager may be capable of extracting the additional data from the second OTA script.
  • the session manager may be capable of sending the additional data to the targeted applet through said secured session.
  • the portable electronic device may comprise a security domain and the session manager may be capable of requesting said security domain to open a second secured session between the server and the session manager.
  • the invention may apply to any types of portable electronic devices able to manage an OTA session.
  • the portable electronic device is a SIM card but it could be any other kind of portable electronic device offering Telecom smart card features and intended to be connected to a telecom terminal.
  • the present invention relies on an element dedicated to the communication between an OTA server and an applet embedded in the portable electronic device.
  • This element is named session manager.
  • the session manager manages OTA constraints and adapts incoming and outgoing data to match the applet communication interface requirements. Thanks to the invention, the OTA server always uses the standard OTA mechanism and remains fully independent of interface constraints of the targeted application.
  • the session manager manages issues and data formatting for the targeted application. From the targeted application point of view, the communication is identical whatever the used communication mode is.
  • the applet remains independent of the transport format between the server and the portable electronic device.
  • An advantage of the invention is to avoid the upgrade of the used telecom terminal. Such an upgrade is heavy to manage and costly since the number of telecom terminals on the field is huge. Moreover there are many different kinds of mobile handsets already deployed.
  • Figure 1 shows the architecture of a portable electronic device SC of SIM card type according to a preferred embodiment of the invention.
  • the portable electronic device SC comprises a working memory MEM1 of RAM type, two non volatile memories MEM2 and MEM3, a microprocessor MP and a communication interface IN.
  • the non volatile memory MEM2 comprises an operating system OS.
  • the non volatile memory MEM3 comprises a targeted applet TA, a session manager SM, a security domain SD and two key sets KS1 and KS2.
  • the two memories MEM2 and MEM3 may be implemented as any combinations of one, two or more memories. These memories may be NAND flash or EEPROM memory or another type of non volatile memory.
  • the SIM card SC is intended to exchange messages with a telecom handset HM through the communication interface IN.
  • the telecom handset HM is intended to exchange messages with a distant server SR via the OTA mechanism.
  • the session manager SM may be implemented as an applet in a Java Card.
  • the OTA scripts are addressed to the session manager applet.
  • the OTA scripts are neither addressed to the targeted applet AT, nor addressed to the security domain SD.
  • the session manager SM is able to select the targeted applet TA, to establish a secure session with TA and to send applicative data to the targeted applet through APDU format. Data returned by the targeted applet are adapted by the session manager SM and sent back to the server SR.
  • the session manager SM is able to keep a secure session opened when waiting for a next OTA script.
  • Figure 2 shows an example of a step sequence for sending applicative data to an applet embedded in a SIM smart card according to the invention.
  • the applet TA has been designed in order to comply with GlobalPlatform ® v2.x requirements.
  • a secure channel of SCP02 type must be opened and used for exchanging data with the applet TA.
  • the server SR sends a first script SCA1 to the SIM card SC via OTA at step S1.
  • the script SCA1 complies with OTA format.
  • the script is received by the mobile phone HM and forwarded to the SIM card.
  • the operating system OS of the SIM card SC provide the session manager SM with the received script SCA1.
  • the session manager SM gets a selection data D1 from the script SCA1.
  • the selection data D1 contains the AID of the targeted applet TA.
  • the session manager SM selects the targeted applet TA by sending a Select command to the applet TA with the relevant AID as parameter at step S3.
  • the Select command is sent through the APDU format to the targeted applet TA. That is to say the Select command is sent on the form of a command header plus a command body.
  • the command header contains four bytes: CLA, INS P1 and P2.
  • the command body contains a variable number of bytes depending of the command parameter.
  • the two status words SW1, SW2 are sent back to the session manager SM which checks that the selection is successful. If a problem is detected thanks to SW1 and SW2, then the session manager sends an error message to the server SR. Such an error message may indicate that the targeted application has not been found.
  • the session manager SM gets a session data D2 from the script SCA1.
  • the session data D2 corresponds to the couple of Initialize Update command and External Authentication command.
  • the session manager SM opens a secure session of SCP02 type by sending data corresponding to the Initialize Update command and to the External Authentication command to the targeted applet TA at step S5. Both commands are sent through the APDU format to the targeted applet TA.
  • the session manager SM gets an applicative data D3 from the script SCA1.
  • the applicative data D3 corresponds to one or several commands intended to be transmitted to the targeted applet TA.
  • applicative data D3 may be one or several commands intended to personalize an applet or one or several Store data commands.
  • the session manager SM sends the applicative data D3 to the targeted applet TA at step S7.
  • the session manager SM may extract the applicative data D3 in several operations and send the corresponding part of D3 to the targeted applet through a plurality of APDU commands.
  • step S7 all the content of the script SCA1 has been treated by the session manager SM and the secure session SCP02 remains alive between the targeted applet TA and the session manager SM.
  • the session manager SM may extract any combination of D1, D2 and D3 in a single operation.
  • the session manager SM may open a secure session of SCP02 type and send applicative data in a single operation.
  • the server SR sends a second OTA script SCA2 to the SIM card SC via OTA at step S8, a new OTA session will be opened between the server and the session manager SM.
  • the targeted applet TA is still selected and the previous secure session SCP02 is still opened between the targeted applet TA and the session manager SM.
  • the session manager SM gets additional data from the script SCA2 and sends this additional data to the targeted applet TA. Additional data is sent through APDU commands to the targeted applet TA.
  • the session manager may check if the content of the script SCA2 is intended to be sent to the targeted applet TA in the current SCP02 secure session.
  • the session manager SM may unselect the targeted applet TA at step S10.
  • the unselecting step may be triggered when a preset event occurs.
  • the last OTA script may contain a "end-of script" indicator.
  • the unselecting step may also be triggered when the following sequence occurs: start of a new SCP02 session, error in a script then script sent for another application.
  • the unselecting step of the targeted applet TA may be important especially if the targeted applet is not multiselectable.
  • An advantage of the invention is to avoid the automatic end of the SCP02 secure session when a further OTA session is opened between the remote server SR and the session manager SM.
  • the invention allows sending one SCP02 script through a plurality of OTA scripts SCA1, SCA2, ..., SCAn since the applicative session is kept opened over several OTA sessions. Since the invention allows sending a large amount of data to a targeted applet, large files of USIM or UICC systems may be securely loaded through a set of OTA scripts.
  • An advantage of the invention is to allow exchanging an amount of data which is bigger than the maximum size that can be exchanged via a single OTA session.
  • the invention offers the same advantage when using the Card Application Toolkit - Transport Protocol also named CAT-TP.
  • applets that are not initially designed for Telecom business may be personalized by using the same APDU script as in I/O contact mode.
  • FIG. 3 shows another example of a step sequence for sending applicative data to an applet embedded in a SIM smart card according to the invention.
  • the applet TA has been designed in order to comply with Calypso ® v2.4 requirements.
  • a specific secure channel must be opened and used for exchanging data with the applet TA.
  • the server SR sends a first script SCB1 to the SIM card SC via OTA at step S20.
  • the script SCB1 complies with OTA format.
  • the script SCB1 is received by the handset terminal HM and forwarded to the SIM card.
  • the operating system OS of the SIM card SC provides the session manager SM with the received script SCB1.
  • the session manager SM gets a selection data D1 from the script SCA1.
  • the selection data D1 corresponds to the AID of the targeted applet TA.
  • the session manager SM selects the targeted applet TA by sending a Select command to the applet TA with the relevant AID as parameter at step S22.
  • the Select command is sent through the APDU format to the targeted applet TA.
  • the session manager SM gets both a session data D2 and an applicative data D3 from the script SCB1.
  • the session data D2 corresponds to the "Open session” command.
  • the session manager SM opens a specific secure session by sending the "Open session” command to the targeted applet TA at step S24. This command is sent through the APDU format to the targeted applet TA.
  • the applicative data D3 corresponds to one or several commands intended to be transmitted to the targeted applet TA.
  • applicative data D3 may be a proprietary APDU command dedicated to the Calypso application personalization. Then the session manager SM sends the applicative data D3 to the targeted applet TA at step S25.
  • the session manager SM may extract the session data D2 and the applicative data D3 in several operations.
  • the session manager SM may extract part of the applicative data D3 in several operations and send the corresponding parts of D3 to the targeted applet through a plurality of APDU commands.
  • step S25 all the content of the script SCB1 has been treated by the session manager SM and the specific secure session remains alive between the Calypso ® applet TA and the session manager SM.
  • the session manager SM may extract any combination of D1, D2 and D3 in a single operation.
  • the server SR sends a second OTA script SCB2 to the SIM card SC via OTA at step S26
  • a new OTA session will be opened between the server and the session manager SM.
  • the targeted applet TA is still selected and the previous specific secure session is still opened between the targeted applet TA and the session manager SM.
  • the session manager SM gets additional data from the script SCB2 and sends this additional data to the targeted applet TA. Additional data is sent through one or several APDU commands to the targeted applet TA.
  • the session manager SM may seek a "Close session” command in the received OTA script at step S28. If the received OTA script contains a "Close session” command, the session manager SM may unselect the targeted applet TA at step S29.
  • An advantage of the invention is to avoid the automatic end of the specific secure session when a further OTA session is opened between the remote server SR and the session manager SM.
  • the invention allows sending one Calypso ® script through a plurality of OTA scripts SCB1, SCB2,..., SCBn since the applicative session is kept opened over several OTA sessions.
  • the data required for the Calypso ® personalization process is determined during the personalization process itself. For example, in response to the sending of applicative data D3 at step S25, the targeted applet TA may send back data which are forwarded to the server SR. Then the server SR may use the forwarded data for generating the second OTA script SCB2. In this case the content and size of the second OTA script SCB2 is dynamically computed during the transaction process.
  • a dynamic amount of data may be securely sent to a targeted applet embedded in a smart card.
  • An advantage of the invention is to allow secure data exchanges by using a specific security layer between the OTA server and the targeted applet.
  • Figure 4 shows an example of a step sequence for sending a personalization script to an applet embedded in a SIM smart card according to the invention.
  • the targeted applet TA has been designed in order to comply with GlobalPlatform ® v2.x requirements.
  • a secure channel of SCP02 type must be opened and used for exchanging data with the targeted applet TA.
  • An initial SCP02 personalization script is assumed to be already developed.
  • an OTA personalization script SCC1 is generated on the base of the initial SCP02 personalization script.
  • the OTA script SCC1 keeps the SCP02 security layer unchanged.
  • the OTA script SCC1 uses the SCP80 security mechanism as defined by ETSI 102.225 standard.
  • the OTA script SCC1 is built with the usual structure of script compliant with OTA requirements.
  • a usual OTA script is intended to target a Security domain.
  • a usual OTA script contains the following commands in a predefined order: Initialize Update command, External Authenticate command, Install [For Perso] command, and at least one Store Data command.
  • the server SR sends the OTA script SCC1 to the SIM card SC via OTA at step S51.
  • the script SCC1 complies with OTA format.
  • the script is received by the Telecom handset HM and forwarded to the SIM card. Then the operating system OS of the SIM card SC provides the session manager SM with the received script SCC1.
  • the session manager SM delegates the opening of the SCP02 session to the Security Domain SD.
  • the Security Domain SD opens a first SCP02 session with the server SR at step S53.
  • a first SCP02 session is available between the server SR and the session manager SM.
  • the session manager SM and the targeted applet TA are located in the same Security Domain SD.
  • the session manager SM is able to find the relevant key set KS1 used by the OTA server SR for the OTA script generation.
  • the session manager SM gets a selection data D1 from the script SCC1 at step S54.
  • the selection data D1 corresponds to the Install [For Perso] command. Since the SCP02 session is opened, the session manager SM is able to decipher the Install [For Perso] command and to get the AID of the targeted applet TA. Then the session manager SM selects the targeted applet TA by sending a Select command to the applet TA with the relevant AID at step S55. The Select command is sent through the APDU format to the targeted applet TA.
  • the session manager SM gets a session data D2 from the script SCC1.
  • the session data D2 corresponds to the couple of Initialize Update command and External Authentication command.
  • the session manager SM opens a second secure session of SCP02 type by sending the Initial Update command and the External Authentication command to the targeted applet TA at step S57. Both commands are sent through the APDU format to the targeted applet TA.
  • a second SCP02 session is available between the targeted applet TA and the session manager SM.
  • the session manager SM gets an applicative data D3 from the script SCC1.
  • the applicative data D3 corresponds to one or several commands intended to be transmitted to the targeted applet TA.
  • applicative data D3 may be a Store data command.
  • the session manager SM is in charge of forwarding data between the two SCP02 sessions.
  • the session manager SM checks if first and second SCP02 sessions have key sets sharing a same value.
  • the session manager SM deciphers the data D3 by using the key set KS1 corresponding to the first SCP02 session at step S60. Then the session manager SM ciphers the data D3 by using the key set KS2 corresponding to the second SCP02 session.
  • the session manager SM sends the applicative data D3 to the targeted applet TA at step S61.
  • first and second SCP02 sessions share a same key set value
  • the session manager SM directly sends the applicative data D3 to the targeted applet TA at step S61. This case may occur when the mode "55" of SCP02 is used.
  • the synchronization counter of the SCP02 key set is used instead of a random. It is then possible to have exactly the same key values for both key sets KS1 and KS2. In order to synchronize counters of both key sets KS1 and KS2, each time a SCP02 session is opened with KS1, a SCP02 session must be opened with KS2.
  • the session manager SM may extract the applicative data D3 in several operations and send the corresponding part of D3 to the targeted applet through a plurality of APDU commands.
  • the session manager SM may extract any combination of D2 and D3 in a single operation.
  • step S61 all the content of the script SCC1 has been treated by the session manager SM and the second secure session SCP02 remains alive between the targeted applet TA and the session manager SM.
  • the server SR sends a second OTA script
  • a new OTA session will be opened between the server and the session manager SM thanks to the security domain SD.
  • the targeted applet TA is still selected and the second secure session SCP02 is still opened between the targeted applet TA and the session manager SM.
  • the session manager SM may get additional data from the second OTA script, modify the additional data if required and sends this additional data to the targeted applet TA through APDU format.
  • session manager applet per applet to be targeted on the smart card.
  • session manager applet per security domain on the smart card.
  • the targeted applet TA has received a personalization script compliant with I/O contact format.
  • the Install [For Perso] command has been removed from the script part sent to targeted applet TA.
  • data have been sent to the targeted applet TA according to an order different from the data order into the OTA script.
  • An advantage of the invention is to allow the sending via OTA channel of an initial personalization script designed to be sent in I/O mode. Thanks to the invention, the initial security layer may be kept unchanged for the initial personalization script.
  • the SCP02 security layer has been fully used between the server SR and the targeted applet TA.
  • the session manager SM may transform data received through an OTA script into APDU commands having a non-standard header value.
  • the session manager SM may transform data into APDU commands which comply with the ISO-7816 APDU header structure and which have non-standard CLA, INS, P1 or P2 values. Thanks to this feature, data may be sent to the targeted applet according to a proprietary APDU format.

Abstract

The invention is a method of managing data sent Over The Air by a server to a portable electronic device which comprises a targeted applet. The method comprises the steps of:
- sending an OTA script to the portable electronic device, said OTA script comprising selection data, session data and applicative data,
- extracting the selection data by a session manager embedded in the portable electronic device,
- selecting the targeted applet by using the selection data, said selecting step being carried out by the session manager (SM),
- extracting the session data by the session manager,
- establishing a secured session with the targeted applet, said secured session being established by the session manager by using the session data,
- extracting the applicative data by the session manager,
- sending the applicative data to the targeted applet, said applicative data being sent in the form of APDU format.

Description

    (Field of the invention)
  • The present invention relates to methods of managing data sent over the air to an applet having a restricted interface. It relates particularly to methods of sending data to applets which are reachable through a limited number of protocols only. In particular, the present invention is well suited for sending data to applets embedded in a portable electronic device like smart cards.
    • (Prior art)
  • A portable electronic device such as a smart card may contain applications in the form of applets. These applets may be accessed by a remote server via an over the air channel, known as OTA. OTA mechanism is defined by the ETSI SCP 102.225 and ETSI-SCP 102.226 standards. The OTA channel allows accessing data and applications which have been specifically developed for SIM cards. Only smart cards intended to be used in Telecom domain are able to manage an OTA communication. In particular SIM cards offer OTA features. On the contrary smart cards intended to be used in domain such as Banking, Loyalty, or Security access do not offer OTA features. These smart cards may be accessed through an I/O communication channel in contact mode or in contactless mode. In this case, data is sent in the form of APDU format on such an interface communication. APDU stands for Application Protocol Data Unit in accordance with the ISO 7816-4 standard. Applets developed for these smart cards are designed with an Application Programming Interface (API) dedicated to I/O communication. In other words, such applets are able to process incoming and outgoing data in the form of APDU format only.
  • Due to the market trend, several applications belonging to different domains may be integrated in a unique smart card. In particular, applets designed for I/O communication may be integrated in smart cards designed for the Telecom domain. When applets designed for I/O communication are already validated and approved by certification audits, these applets must be kept unchanged. Thus it is not possible to update these applets to add an API able to manage data according to OTA format.
  • The OTA communication must follow specific rules which are different from rules of I/O communication.
  • There is a need to be able to remotely access to applets designed for I/O communication in smart cards designed for the Telecom domain. In particular a distant server must be able to communicate with such an applet via an OTA session in order to personalize the applet or to use a service provided by the applet.
    • (Summary of the Invention)
  • An object of the invention is to solve the above mentioned technical problem.
  • The object of the present invention is a method of managing data sent Over The Air by a server to a portable electronic device which comprises a targeted applet. The method comprises the step of sending an OTA script from the server to the portable electronic device, said OTA script comprising selection data, session data and applicative data. The method comprises the step of extracting the selection data from the OTA script, said selection data being extracted by a session manager embedded in the portable electronic device. The method comprises the step of selecting the targeted applet by using the selection data, said selecting step being carried out by the session manager. The method comprises the step of extracting the session data from the OTA script, said session data being extracted by the session manager. The method comprises the step of establishing a secured session with the targeted applet, said secured session being established by the session manager by using the session data. The method comprises the step of extracting the applicative data from the OTA script, said applicative data being extracted by the session manager. The method comprises the step of sending the applicative data to the targeted applet, said applicative data being sent in the form of APDU format.
  • The method may comprise the further step of sending a second OTA script from the server to the portable electronic device, said second OTA script comprising additional data intended to be transmitted to the targeted applet. The method may comprise the further step of extracting the additional data from the second OTA script, said additional data being extracted by the session manager. The method may comprise the further step of sending the additional data to the targeted applet through said secured session.
  • Advantageously, the method may comprise the further step of unselecting the targeted applet when a preset event occurs, said unselecting step being carried out by the session manager.
  • In a preferred embodiment the portable electronic device may be of smart card type.
  • Advantageously, the secured session may be of SCP02 type or of Calypso ® type.
  • The portable electronic device may comprise a security domain and the method may comprise the further step of requesting the security domain to open a second secured session between the server and the session manager, said requesting step being performed by the session manager.
  • The session manager and the security domain may be merged in a single entity.
  • Advantageously, the method may comprise the further step of deciphering a part or totality of said applicative data according to parameters of the second secured session and a further step of ciphering a part or totality of said applicative data according to parameters of the secured session established with the targeted applet.
  • In a preferred embodiment, the OTA script may contain data intended to personalize the targeted applet.
  • Advantageously, the method may comprise the further step of generating the OTA script from a personalization script intended to be sent through a I/O contact interface.
  • Another object of the invention is a portable electronic device intended to be connected to a mobile terminal. The portable electronic device is intended to receive an OTA script from a server wherein the OTA script comprises selection data, session data and applicative data. The portable electronic device comprises a microprocessor, a communication interface, an operating system, a working memory and a first non volatile memory. The portable electronic device is intended to comprise a targeted applet and comprises a session manager able to extract said selection data, said session data and said applicative data from the OTA script. The session manager is capable of selecting the targeted applet by using the selection data. The session manager is capable of establishing a secured session with the targeted applet by using the session data. The session manager is capable of sending the applicative data to the targeted applet in the form of APDU format.
  • Advantageously, the portable electronic device may be intended to receive a second OTA script from said server. The second OTA script may comprise additional data intended to be transmitted to the targeted applet. The session manager may be capable of extracting the additional data from the second OTA script. The session manager may be capable of sending the additional data to the targeted applet through said secured session.
  • The portable electronic device may comprise a security domain and the session manager may be capable of requesting said security domain to open a second secured session between the server and the session manager.
    • (Brief description of the drawings)
  • Other characteristics and advantages of the present invention will emerge more clearly from a reading of the following description of a number of preferred embodiments of the invention with reference to the corresponding accompanying drawings in which:
    • Figure 1 depicts schematically an example of architecture of a portable electronic device and an example of communication exchanges between a server and the portable electronic device according to the invention;
    • Figure 2 is an example of step sequence for sending applicative data to an applet embedded in a SIM smart card according to the invention;
    • Figure 3 is an example of step sequence for sending applicative data to a Calypso ® applet embedded in a SIM smart card according to the invention; and
    • Figure 4 is an example of step sequence for sending a personalization script to an applet embedded in a SIM smart card according to the invention.
    (Detailed description of the preferred embodiments)
  • The invention may apply to any types of portable electronic devices able to manage an OTA session. In this specification, the portable electronic device is a SIM card but it could be any other kind of portable electronic device offering Telecom smart card features and intended to be connected to a telecom terminal.
  • The present invention relies on an element dedicated to the communication between an OTA server and an applet embedded in the portable electronic device. This element is named session manager. The session manager manages OTA constraints and adapts incoming and outgoing data to match the applet communication interface requirements. Thanks to the invention, the OTA server always uses the standard OTA mechanism and remains fully independent of interface constraints of the targeted application. The session manager manages issues and data formatting for the targeted application. From the targeted application point of view, the communication is identical whatever the used communication mode is. The applet remains independent of the transport format between the server and the portable electronic device.
  • An advantage of the invention is to avoid the upgrade of the used telecom terminal. Such an upgrade is heavy to manage and costly since the number of telecom terminals on the field is huge. Moreover there are many different kinds of mobile handsets already deployed.
  • Figure 1 shows the architecture of a portable electronic device SC of SIM card type according to a preferred embodiment of the invention.
  • The portable electronic device SC comprises a working memory MEM1 of RAM type, two non volatile memories MEM2 and MEM3, a microprocessor MP and a communication interface IN. The non volatile memory MEM2 comprises an operating system OS.
  • The non volatile memory MEM3 comprises a targeted applet TA, a session manager SM, a security domain SD and two key sets KS1 and KS2.
  • The two memories MEM2 and MEM3 may be implemented as any combinations of one, two or more memories. These memories may be NAND flash or EEPROM memory or another type of non volatile memory.
  • The SIM card SC is intended to exchange messages with a telecom handset HM through the communication interface IN. The telecom handset HM is intended to exchange messages with a distant server SR via the OTA mechanism.
  • The session manager SM may be implemented as an applet in a Java Card. Thus the OTA scripts are addressed to the session manager applet. Contrary to prior art, the OTA scripts are neither addressed to the targeted applet AT, nor addressed to the security domain SD. At reception of an OTA script, the session manager SM is able to select the targeted applet TA, to establish a secure session with TA and to send applicative data to the targeted applet through APDU format. Data returned by the targeted applet are adapted by the session manager SM and sent back to the server SR. The session manager SM is able to keep a secure session opened when waiting for a next OTA script.
  • Figure 2 shows an example of a step sequence for sending applicative data to an applet embedded in a SIM smart card according to the invention. In this example, the applet TA has been designed in order to comply with GlobalPlatform ® v2.x requirements. In particular, a secure channel of SCP02 type must be opened and used for exchanging data with the applet TA.
  • First the server SR sends a first script SCA1 to the SIM card SC via OTA at step S1. The script SCA1 complies with OTA format. The script is received by the mobile phone HM and forwarded to the SIM card. Then the operating system OS of the SIM card SC provide the session manager SM with the received script SCA1.
  • At step S2, the session manager SM gets a selection data D1 from the script SCA1. The selection data D1 contains the AID of the targeted applet TA. Then the session manager SM selects the targeted applet TA by sending a Select command to the applet TA with the relevant AID as parameter at step S3. The Select command is sent through the APDU format to the targeted applet TA. That is to say the Select command is sent on the form of a command header plus a command body. The command header contains four bytes: CLA, INS P1 and P2. The command body contains a variable number of bytes depending of the command parameter. The two status words SW1, SW2 are sent back to the session manager SM which checks that the selection is successful. If a problem is detected thanks to SW1 and SW2, then the session manager sends an error message to the server SR. Such an error message may indicate that the targeted application has not been found.
  • At step S4, the session manager SM gets a session data D2 from the script SCA1. The session data D2 corresponds to the couple of Initialize Update command and External Authentication command. Then the session manager SM opens a secure session of SCP02 type by sending data corresponding to the Initialize Update command and to the External Authentication command to the targeted applet TA at step S5. Both commands are sent through the APDU format to the targeted applet TA.
  • At step S6, the session manager SM gets an applicative data D3 from the script SCA1. The applicative data D3 corresponds to one or several commands intended to be transmitted to the targeted applet TA. For example, applicative data D3 may be one or several commands intended to personalize an applet or one or several Store data commands. Then the session manager SM sends the applicative data D3 to the targeted applet TA at step S7.
  • Alternatively, the session manager SM may extract the applicative data D3 in several operations and send the corresponding part of D3 to the targeted applet through a plurality of APDU commands.
  • At the end of step S7, all the content of the script SCA1 has been treated by the session manager SM and the secure session SCP02 remains alive between the targeted applet TA and the session manager SM.
  • Alternatively the session manager SM may extract any combination of D1, D2 and D3 in a single operation.
  • Alternatively the session manager SM may open a secure session of SCP02 type and send applicative data in a single operation.
  • If the server SR sends a second OTA script SCA2 to the SIM card SC via OTA at step S8, a new OTA session will be opened between the server and the session manager SM. At this time the targeted applet TA is still selected and the previous secure session SCP02 is still opened between the targeted applet TA and the session manager SM. Then at step S9, the session manager SM gets additional data from the script SCA2 and sends this additional data to the targeted applet TA. Additional data is sent through APDU commands to the targeted applet TA.
  • Before sending the additional data, the session manager may check if the content of the script SCA2 is intended to be sent to the targeted applet TA in the current SCP02 secure session.
  • Advantageously, the session manager SM may unselect the targeted applet TA at step S10. The unselecting step may be triggered when a preset event occurs. For example the last OTA script may contain a "end-of script" indicator. The unselecting step may also be triggered when the following sequence occurs: start of a new SCP02 session, error in a script then script sent for another application. The unselecting step of the targeted applet TA may be important especially if the targeted applet is not multiselectable.
  • An advantage of the invention is to avoid the automatic end of the SCP02 secure session when a further OTA session is opened between the remote server SR and the session manager SM. Thus the invention allows sending one SCP02 script through a plurality of OTA scripts SCA1, SCA2, ..., SCAn since the applicative session is kept opened over several OTA sessions. Since the invention allows sending a large amount of data to a targeted applet, large files of USIM or UICC systems may be securely loaded through a set of OTA scripts.
  • An advantage of the invention is to allow exchanging an amount of data which is bigger than the maximum size that can be exchanged via a single OTA session. The invention offers the same advantage when using the Card Application Toolkit - Transport Protocol also named CAT-TP.
  • Thanks to the invention, applets that are not initially designed for Telecom business may be personalized by using the same APDU script as in I/O contact mode.
  • Figure 3 shows another example of a step sequence for sending applicative data to an applet embedded in a SIM smart card according to the invention. In this example, the applet TA has been designed in order to comply with Calypso ® v2.4 requirements. In particular, a specific secure channel must be opened and used for exchanging data with the applet TA.
  • First the server SR sends a first script SCB1 to the SIM card SC via OTA at step S20. The script SCB1 complies with OTA format. The script SCB1 is received by the handset terminal HM and forwarded to the SIM card. Then the operating system OS of the SIM card SC provides the session manager SM with the received script SCB1.
  • At step S21, the session manager SM gets a selection data D1 from the script SCA1. The selection data D1 corresponds to the AID of the targeted applet TA. Then the session manager SM selects the targeted applet TA by sending a Select command to the applet TA with the relevant AID as parameter at step S22. The Select command is sent through the APDU format to the targeted applet TA.
  • At step S23, the session manager SM gets both a session data D2 and an applicative data D3 from the script SCB1. The session data D2 corresponds to the "Open session" command. Then the session manager SM opens a specific secure session by sending the "Open session" command to the targeted applet TA at step S24. This command is sent through the APDU format to the targeted applet TA.
  • The applicative data D3 corresponds to one or several commands intended to be transmitted to the targeted applet TA. For example, applicative data D3 may be a proprietary APDU command dedicated to the Calypso application personalization. Then the session manager SM sends the applicative data D3 to the targeted applet TA at step S25.
  • Alternatively, the session manager SM may extract the session data D2 and the applicative data D3 in several operations.
  • Alternatively, the session manager SM may extract part of the applicative data D3 in several operations and send the corresponding parts of D3 to the targeted applet through a plurality of APDU commands.
  • At the end of step S25, all the content of the script SCB1 has been treated by the session manager SM and the specific secure session remains alive between the Calypso ® applet TA and the session manager SM.
  • Alternatively the session manager SM may extract any combination of D1, D2 and D3 in a single operation.
  • If the server SR sends a second OTA script SCB2 to the SIM card SC via OTA at step S26, a new OTA session will be opened between the server and the session manager SM. At this time the targeted applet TA is still selected and the previous specific secure session is still opened between the targeted applet TA and the session manager SM. Then at step S27, the session manager SM gets additional data from the script SCB2 and sends this additional data to the targeted applet TA. Additional data is sent through one or several APDU commands to the targeted applet TA.
  • Advantageously, the session manager SM may seek a "Close session" command in the received OTA script at step S28. If the received OTA script contains a "Close session" command, the session manager SM may unselect the targeted applet TA at step S29.
  • An advantage of the invention is to avoid the automatic end of the specific secure session when a further OTA session is opened between the remote server SR and the session manager SM. Thus the invention allows sending one Calypso ® script through a plurality of OTA scripts SCB1, SCB2,..., SCBn since the applicative session is kept opened over several OTA sessions. This point is particularly interesting since the amount of data to be sent to the Calypso ® applet is not known at the beginning of the personalization process. The data required for the Calypso ® personalization process is determined during the personalization process itself. For example, in response to the sending of applicative data D3 at step S25, the targeted applet TA may send back data which are forwarded to the server SR. Then the server SR may use the forwarded data for generating the second OTA script SCB2. In this case the content and size of the second OTA script SCB2 is dynamically computed during the transaction process.
  • Thanks to the invention, a dynamic amount of data may be securely sent to a targeted applet embedded in a smart card.
  • An advantage of the invention is to allow secure data exchanges by using a specific security layer between the OTA server and the targeted applet.
  • Figure 4 shows an example of a step sequence for sending a personalization script to an applet embedded in a SIM smart card according to the invention. In this example, the targeted applet TA has been designed in order to comply with GlobalPlatform ® v2.x requirements. Thus, a secure channel of SCP02 type must be opened and used for exchanging data with the targeted applet TA.
  • An initial SCP02 personalization script is assumed to be already developed. At the first step S50, an OTA personalization script SCC1 is generated on the base of the initial SCP02 personalization script. The OTA script SCC1 keeps the SCP02 security layer unchanged. In addition, the OTA script SCC1 uses the SCP80 security mechanism as defined by ETSI 102.225 standard. The OTA script SCC1 is built with the usual structure of script compliant with OTA requirements. A usual OTA script is intended to target a Security domain. A usual OTA script contains the following commands in a predefined order: Initialize Update command, External Authenticate command, Install [For Perso] command, and at least one Store Data command.
  • The server SR sends the OTA script SCC1 to the SIM card SC via OTA at step S51. The script SCC1 complies with OTA format. The script is received by the Telecom handset HM and forwarded to the SIM card. Then the operating system OS of the SIM card SC provides the session manager SM with the received script SCC1.
  • At step S52, the session manager SM delegates the opening of the SCP02 session to the Security Domain SD.
  • The Security Domain SD opens a first SCP02 session with the server SR at step S53. Thus a first SCP02 session is available between the server SR and the session manager SM.
  • In a preferred embodiment, the session manager SM and the targeted applet TA are located in the same Security Domain SD. Thus the session manager SM is able to find the relevant key set KS1 used by the OTA server SR for the OTA script generation.
  • Then the session manager SM gets a selection data D1 from the script SCC1 at step S54. In this example, the selection data D1 corresponds to the Install [For Perso] command. Since the SCP02 session is opened, the session manager SM is able to decipher the Install [For Perso] command and to get the AID of the targeted applet TA. Then the session manager SM selects the targeted applet TA by sending a Select command to the applet TA with the relevant AID at step S55. The Select command is sent through the APDU format to the targeted applet TA.
  • At that stage, it is required to open a new SCP02 channel on the targeted applet. However, it is not possible to reuse the key and the Initialize Update and External Authenticate commands received by OTA because the SCP02 session key will be different. This is due to the fact that either the random generated by the card will be different, or in case of SCP02 mode "55", the synchronization counter of the SCP02 key set KS1 has already been incremented during the opening of the first SCP02 session. It is then required to use another SCP02 key set KS2 which is dedicated to the second SCP02 session.
  • At step S56, the session manager SM gets a session data D2 from the script SCC1. The session data D2 corresponds to the couple of Initialize Update command and External Authentication command. Then the session manager SM opens a second secure session of SCP02 type by sending the Initial Update command and the External Authentication command to the targeted applet TA at step S57. Both commands are sent through the APDU format to the targeted applet TA. Thus a second SCP02 session is available between the targeted applet TA and the session manager SM.
  • At step S58, the session manager SM gets an applicative data D3 from the script SCC1. The applicative data D3 corresponds to one or several commands intended to be transmitted to the targeted applet TA. For example, applicative data D3 may be a Store data command.
  • Thanks to first and second SCP02 sessions, data may be securely exchanged between the server SR and the targeted applet TA. The session manager SM is in charge of forwarding data between the two SCP02 sessions.
  • At step S59, the session manager SM checks if first and second SCP02 sessions have key sets sharing a same value.
  • If first and second SCP02 sessions have different key set value, then the session manager SM deciphers the data D3 by using the key set KS1 corresponding to the first SCP02 session at step S60. Then the session manager SM ciphers the data D3 by using the key set KS2 corresponding to the second SCP02 session.
  • Then the session manager SM sends the applicative data D3 to the targeted applet TA at step S61.
  • If first and second SCP02 sessions share a same key set value, then the session manager SM directly sends the applicative data D3 to the targeted applet TA at step S61. This case may occur when the mode "55" of SCP02 is used. The synchronization counter of the SCP02 key set is used instead of a random. It is then possible to have exactly the same key values for both key sets KS1 and KS2. In order to synchronize counters of both key sets KS1 and KS2, each time a SCP02 session is opened with KS1, a SCP02 session must be opened with KS2.
  • Alternatively, the session manager SM may extract the applicative data D3 in several operations and send the corresponding part of D3 to the targeted applet through a plurality of APDU commands.
  • Alternatively the session manager SM may extract any combination of D2 and D3 in a single operation.
  • At the end of step S61, all the content of the script SCC1 has been treated by the session manager SM and the second secure session SCP02 remains alive between the targeted applet TA and the session manager SM.
  • If the server SR sends a second OTA script, a new OTA session will be opened between the server and the session manager SM thanks to the security domain SD. At this time the targeted applet TA is still selected and the second secure session SCP02 is still opened between the targeted applet TA and the session manager SM. Then the session manager SM may get additional data from the second OTA script, modify the additional data if required and sends this additional data to the targeted applet TA through APDU format.
  • Advantageously, there is one instance of the session manager applet per applet to be targeted on the smart card.
  • Alternatively, there is one instance of the session manager applet per security domain on the smart card.
  • At the end of the process, the targeted applet TA has received a personalization script compliant with I/O contact format. In the above-described example, the Install [For Perso] command has been removed from the script part sent to targeted applet TA. Moreover, data have been sent to the targeted applet TA according to an order different from the data order into the OTA script.
  • An advantage of the invention is to allow the sending via OTA channel of an initial personalization script designed to be sent in I/O mode. Thanks to the invention, the initial security layer may be kept unchanged for the initial personalization script. In the above-described example, the SCP02 security layer has been fully used between the server SR and the targeted applet TA.
  • Advantageously, the session manager SM may transform data received through an OTA script into APDU commands having a non-standard header value. In other words, the session manager SM may transform data into APDU commands which comply with the ISO-7816 APDU header structure and which have non-standard CLA, INS, P1 or P2 values. Thanks to this feature, data may be sent to the targeted applet according to a proprietary APDU format.

Claims (15)

  1. A method of managing data sent Over The Air by a server (SR) to a portable electronic device (SC), said portable electronic device (SC) comprising a targeted applet (TA), said method comprising the step of:
    a) sending (S1, S20, S51) an OTA script (SCA1, SCB1, SCC1) from the server (SR) to the portable electronic device (SC), said OTA script (SCA1, SCB1, SCC1) comprising selection data (D1), session data (D2) and applicative data (D3),
    characterized in that said method comprises the steps of:
    b) extracting (S2, S21, S54) the selection data (D1) from the OTA script (SCA1, SCB1, SCC1), said selection data (D1) being extracted by a session manager (SM) embedded in the portable electronic device (SC),
    c) selecting (S3, S22, S55) the targeted applet (TA) by using the selection data (D1), said selecting step (S3, S22, S55) being carried out by the session manager (SM),
    d) extracting (S4, S23, S56) the session data (D2) from the OTA script (SCA1, SCB1, SCB1), said session data (D2) being extracted by the session manager (SM),
    e) establishing (S5, S24, S57) a secured session with the targeted applet (TA), said secured session being established by the session manager (SM) by using the session data (D2),
    f) extracting (S6, 23, 58) the applicative data (D3) from the OTA script (SCA1, SCB1, SCB1), said applicative data (D3) being extracted by the session manager (SM),
    g) sending (S7, 25, S61) the applicative data (D3) to the targeted applet (TA), said applicative data (D3) being sent in the form of APDU format.
  2. A method according to claim 1, wherein said method comprises the further steps of:
    h) sending (S8, S26) a second OTA script (SCA2, SCB2) from the server (SR) to the portable electronic device (SC), said second OTA script comprising additional data intended to be transmitted to said targeted applet (TA),
    i) extracting (S9, S27) the additional data from the second OTA script (SCA2, SCB2), said additional data being extracted by the session manager (SM),
    j) sending (S9, S27) the additional data to the targeted applet (TA) through said secured session.
  3. A method according to one of claims 1 to 2, wherein said method comprises the further step of:
    k) when a preset event occurs, unselecting (S10, S29) the targeted applet (TA), said unselecting step being carried out by the session manager (SM).
  4. A method according to one of claims 1 to 3, wherein said portable electronic device (SC) is of smart card type.
  5. A method according to one of claims 1 to 4, wherein said secured session is of SCP02 type.
  6. A method according to one of claims 1 to 4, wherein said secured session is of Calypso ® type.
  7. A method according to one of claims 1 to 4, wherein said portable electronic device (SC) comprises a security domain (SD) and wherein said method comprises the further step of:
    1) requesting (S52) the security domain (SD) to open a second secured session between the server (SR) and the session manager (SM), said requesting step being performed by the session manager (SM).
  8. A method according to claim 7, wherein said session manager (SM) and said security domain (SD) are merged in a single entity.
  9. A method according to one of claims 7 to 8, wherein said method comprises the further steps of:
    m) deciphering (S60) a part or totality of said applicative data (D3) according to parameters (KS1) of said second secured session,
    n) ciphering (S60) a part or totality of said applicative data (D3) according to parameters (KS2) of the secured session established with the targeted applet (TA).
  10. A method according to one of claims 7 to 9, wherein said OTA script (SCC1) contains data intended to personalize the targeted applet (TA).
  11. A method according to claim 10, wherein said method comprises the further step of:
    o) generating (S50) said OTA script (SCC1) from a personalization script intended to be sent through a I/O contact interface.
  12. A portable electronic device (SC) intended to be connected to a mobile terminal (HM), said portable electronic device (SC) being intended to receive an OTA script (SCA1, SCB1, SCC1) from a server (SR), said OTA script (SCA1, SCB1, SCC1) comprising selection data (D1), session data (D2) and applicative data (D3), said portable electronic device (SC) comprising:
    - a microprocessor (MP),
    - a communication interface (IN),
    - an operating system (OS),
    - a working memory (MEM1) and a first non volatile memory (MEM2),
    said portable electronic device (SC) being intended to comprise a targeted applet (TA),
    characterized in that said portable electronic device (SC) comprises a session manager (SM) able to extract said selection data (D1), said session data (D2) and said applicative data (D3) from the OTA script (SCA1, SCB1, SCC1), said session manager (SM) being able to select the targeted applet (TA) by using the selection data (D1), said session manager (SM) being able to establish a secured session with the targeted applet (TA) by using the session data (D2), said session manager (SM) being able to send the applicative data (D3) to the targeted applet (TA) in the form of APDU format.
  13. A portable electronic device (SC) according to claim 12, wherein said portable electronic device (SC) is intended to receive a second OTA script (SCA2, SCB2) from said server (SR), said second OTA script comprising additional data intended to be transmitted to said targeted applet (TA), wherein the session manager (SM) is able to extract the additional data from the second OTA script (SCA2, SCB2) and wherein the session manager (SM) is able to send the additional data to the targeted applet (TA) through said secured session.
  14. A portable electronic device (SC) according to one of claims 12 or 13, wherein said portable electronic device (SC) is of smart card type.
  15. A portable electronic device (SC) according to one of claims 12 to 14, wherein said portable electronic device (SC) comprises a security domain (SD) and wherein the session manager (SM) is able to request said security domain (SD) to open a second secured session between the server (SR) and the session manager (SM) .
EP08305743A 2008-10-28 2008-10-28 Method of managing data sent over the air to an applet having a restricted interface Withdrawn EP2182439A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
EP08305743A EP2182439A1 (en) 2008-10-28 2008-10-28 Method of managing data sent over the air to an applet having a restricted interface
PCT/EP2009/063162 WO2010049252A1 (en) 2008-10-28 2009-10-09 Method of managing data sent over the air to an applet having a restricted interface

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
EP08305743A EP2182439A1 (en) 2008-10-28 2008-10-28 Method of managing data sent over the air to an applet having a restricted interface

Publications (1)

Publication Number Publication Date
EP2182439A1 true EP2182439A1 (en) 2010-05-05

Family

ID=40409849

Family Applications (1)

Application Number Title Priority Date Filing Date
EP08305743A Withdrawn EP2182439A1 (en) 2008-10-28 2008-10-28 Method of managing data sent over the air to an applet having a restricted interface

Country Status (2)

Country Link
EP (1) EP2182439A1 (en)
WO (1) WO2010049252A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103034648A (en) * 2011-10-09 2013-04-10 镇江金软计算机科技有限责任公司 Mobile report query system based on OTA (operational transconductance amplifier) technology
CN103918240A (en) * 2011-10-28 2014-07-09 Skc&C株式会社 Communication interface method for SE mounted on mobile device and SE using same
CN111314201A (en) * 2018-12-11 2020-06-19 腾讯科技(深圳)有限公司 Application data processing method, system and related equipment

Families Citing this family (102)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2012078570A2 (en) * 2010-12-06 2012-06-14 Interdigital Patent Holdings, Inc. Smart card with domain-trust evaluation and domain policy management functions
US10546444B2 (en) 2018-06-21 2020-01-28 Capital One Services, Llc Systems and methods for secure read-only authentication
CN108449735A (en) * 2018-06-25 2018-08-24 中国联合网络通信集团有限公司 Method, car-mounted terminal, equipment and the computer readable storage medium of OTA communications
CA3115107A1 (en) 2018-10-02 2020-04-09 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10771253B2 (en) 2018-10-02 2020-09-08 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10582386B1 (en) 2018-10-02 2020-03-03 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10505738B1 (en) 2018-10-02 2019-12-10 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10909527B2 (en) 2018-10-02 2021-02-02 Capital One Services, Llc Systems and methods for performing a reissue of a contactless card
US10733645B2 (en) 2018-10-02 2020-08-04 Capital One Services, Llc Systems and methods for establishing identity for order pick up
SG11202103249VA (en) 2018-10-02 2021-04-29 Capital One Services Llc Systems and methods for cryptographic authentication of contactless cards
US10511443B1 (en) 2018-10-02 2019-12-17 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10581611B1 (en) 2018-10-02 2020-03-03 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10489781B1 (en) 2018-10-02 2019-11-26 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10554411B1 (en) 2018-10-02 2020-02-04 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10949520B2 (en) 2018-10-02 2021-03-16 Capital One Services, Llc Systems and methods for cross coupling risk analytics and one-time-passcodes
JP2022508010A (en) 2018-10-02 2022-01-19 キャピタル・ワン・サービシーズ・リミテッド・ライアビリティ・カンパニー Systems and methods for cryptographic authentication of non-contact cards
US10592710B1 (en) 2018-10-02 2020-03-17 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10579998B1 (en) 2018-10-02 2020-03-03 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
CA3115142A1 (en) 2018-10-02 2020-04-09 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10992477B2 (en) 2018-10-02 2021-04-27 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10783519B2 (en) 2018-10-02 2020-09-22 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
JP2022503755A (en) 2018-10-02 2022-01-12 キャピタル・ワン・サービシーズ・リミテッド・ライアビリティ・カンパニー Systems and methods for cryptographic authentication of non-contact cards
AU2019351906A1 (en) 2018-10-02 2021-03-18 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US11210664B2 (en) 2018-10-02 2021-12-28 Capital One Services, Llc Systems and methods for amplifying the strength of cryptographic algorithms
US10771254B2 (en) 2018-10-02 2020-09-08 Capital One Services, Llc Systems and methods for email-based card activation
WO2020072694A1 (en) 2018-10-02 2020-04-09 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10607216B1 (en) 2018-10-02 2020-03-31 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
SG11202102798TA (en) 2018-10-02 2021-04-29 Capital One Services Llc Systems and methods for cryptographic authentication of contactless cards
US10542036B1 (en) 2018-10-02 2020-01-21 Capital One Services, Llc Systems and methods for signaling an attack on contactless cards
AU2019355110A1 (en) 2018-10-02 2021-04-08 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10607214B1 (en) 2018-10-02 2020-03-31 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
WO2020072552A1 (en) 2018-10-02 2020-04-09 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US10565587B1 (en) 2018-10-02 2020-02-18 Capital One Services, Llc Systems and methods for cryptographic authentication of contactless cards
US11361302B2 (en) 2019-01-11 2022-06-14 Capital One Services, Llc Systems and methods for touch screen interface interaction using a card overlay
US11037136B2 (en) 2019-01-24 2021-06-15 Capital One Services, Llc Tap to autofill card data
US10510074B1 (en) 2019-02-01 2019-12-17 Capital One Services, Llc One-tap payment using a contactless card
US11120453B2 (en) 2019-02-01 2021-09-14 Capital One Services, Llc Tap card to securely generate card data to copy to clipboard
US10467622B1 (en) 2019-02-01 2019-11-05 Capital One Services, Llc Using on-demand applications to generate virtual numbers for a contactless card to securely autofill forms
US10425129B1 (en) 2019-02-27 2019-09-24 Capital One Services, Llc Techniques to reduce power consumption in near field communication systems
US10523708B1 (en) 2019-03-18 2019-12-31 Capital One Services, Llc System and method for second factor authentication of customer support calls
US10535062B1 (en) 2019-03-20 2020-01-14 Capital One Services, Llc Using a contactless card to securely share personal data stored in a blockchain
US10438437B1 (en) 2019-03-20 2019-10-08 Capital One Services, Llc Tap to copy data to clipboard via NFC
US10643420B1 (en) 2019-03-20 2020-05-05 Capital One Services, Llc Contextual tapping engine
US10984416B2 (en) 2019-03-20 2021-04-20 Capital One Services, Llc NFC mobile currency transfer
US10970712B2 (en) 2019-03-21 2021-04-06 Capital One Services, Llc Delegated administration of permissions using a contactless card
US10467445B1 (en) 2019-03-28 2019-11-05 Capital One Services, Llc Devices and methods for contactless card alignment with a foldable mobile device
US11521262B2 (en) 2019-05-28 2022-12-06 Capital One Services, Llc NFC enhanced augmented reality information overlays
US10516447B1 (en) 2019-06-17 2019-12-24 Capital One Services, Llc Dynamic power levels in NFC card communications
US11694187B2 (en) 2019-07-03 2023-07-04 Capital One Services, Llc Constraining transactional capabilities for contactless cards
US11392933B2 (en) 2019-07-03 2022-07-19 Capital One Services, Llc Systems and methods for providing online and hybridcard interactions
US10871958B1 (en) 2019-07-03 2020-12-22 Capital One Services, Llc Techniques to perform applet programming
US10713649B1 (en) 2019-07-09 2020-07-14 Capital One Services, Llc System and method enabling mobile near-field communication to update display on a payment card
US10498401B1 (en) 2019-07-15 2019-12-03 Capital One Services, Llc System and method for guiding card positioning using phone sensors
US10885514B1 (en) 2019-07-15 2021-01-05 Capital One Services, Llc System and method for using image data to trigger contactless card transactions
US10733601B1 (en) 2019-07-17 2020-08-04 Capital One Services, Llc Body area network facilitated authentication or payment authorization
US11182771B2 (en) 2019-07-17 2021-11-23 Capital One Services, Llc System for value loading onto in-vehicle device
US10832271B1 (en) 2019-07-17 2020-11-10 Capital One Services, Llc Verified reviews using a contactless card
US11521213B2 (en) 2019-07-18 2022-12-06 Capital One Services, Llc Continuous authentication for digital services based on contactless card positioning
US10506426B1 (en) 2019-07-19 2019-12-10 Capital One Services, Llc Techniques for call authentication
US10541995B1 (en) 2019-07-23 2020-01-21 Capital One Services, Llc First factor contactless card authentication system and method
CA3153291A1 (en) 2019-10-02 2021-04-08 Evan Lerner Client device authentication using contactless legacy magnetic stripe data
US10733283B1 (en) 2019-12-23 2020-08-04 Capital One Services, Llc Secure password generation and management using NFC and contactless smart cards
US11615395B2 (en) 2019-12-23 2023-03-28 Capital One Services, Llc Authentication for third party digital wallet provisioning
US10885410B1 (en) 2019-12-23 2021-01-05 Capital One Services, Llc Generating barcodes utilizing cryptographic techniques
US10862540B1 (en) 2019-12-23 2020-12-08 Capital One Services, Llc Method for mapping NFC field strength and location on mobile devices
US10657754B1 (en) 2019-12-23 2020-05-19 Capital One Services, Llc Contactless card and personal identification system
US11113685B2 (en) 2019-12-23 2021-09-07 Capital One Services, Llc Card issuing with restricted virtual numbers
US11651361B2 (en) 2019-12-23 2023-05-16 Capital One Services, Llc Secure authentication based on passport data stored in a contactless card
US11200563B2 (en) 2019-12-24 2021-12-14 Capital One Services, Llc Account registration using a contactless card
US10853795B1 (en) 2019-12-24 2020-12-01 Capital One Services, Llc Secure authentication based on identity data stored in a contactless card
US10664941B1 (en) 2019-12-24 2020-05-26 Capital One Services, Llc Steganographic image encoding of biometric template information on a card
US10909544B1 (en) 2019-12-26 2021-02-02 Capital One Services, Llc Accessing and utilizing multiple loyalty point accounts
US10757574B1 (en) 2019-12-26 2020-08-25 Capital One Services, Llc Multi-factor authentication providing a credential via a contactless card for secure messaging
US11038688B1 (en) 2019-12-30 2021-06-15 Capital One Services, Llc Techniques to control applets for contactless cards
US10860914B1 (en) 2019-12-31 2020-12-08 Capital One Services, Llc Contactless card and method of assembly
US11455620B2 (en) 2019-12-31 2022-09-27 Capital One Services, Llc Tapping a contactless card to a computing device to provision a virtual number
US11210656B2 (en) 2020-04-13 2021-12-28 Capital One Services, Llc Determining specific terms for contactless card activation
US10915888B1 (en) 2020-04-30 2021-02-09 Capital One Services, Llc Contactless card with multiple rotating security keys
US11030339B1 (en) 2020-04-30 2021-06-08 Capital One Services, Llc Systems and methods for data access control of personal user data using a short-range transceiver
US10861006B1 (en) 2020-04-30 2020-12-08 Capital One Services, Llc Systems and methods for data access control using a short-range transceiver
US11222342B2 (en) 2020-04-30 2022-01-11 Capital One Services, Llc Accurate images in graphical user interfaces to enable data transfer
US11823175B2 (en) 2020-04-30 2023-11-21 Capital One Services, Llc Intelligent card unlock
US10963865B1 (en) 2020-05-12 2021-03-30 Capital One Services, Llc Augmented reality card activation experience
US11100511B1 (en) 2020-05-18 2021-08-24 Capital One Services, Llc Application-based point of sale system in mobile operating systems
US11063979B1 (en) 2020-05-18 2021-07-13 Capital One Services, Llc Enabling communications between applications in a mobile operating system
US11062098B1 (en) 2020-08-11 2021-07-13 Capital One Services, Llc Augmented reality information display and interaction via NFC based authentication
US11165586B1 (en) 2020-10-30 2021-11-02 Capital One Services, Llc Call center web-based authentication using a contactless card
US11482312B2 (en) 2020-10-30 2022-10-25 Capital One Services, Llc Secure verification of medical status using a contactless card
US11373169B2 (en) 2020-11-03 2022-06-28 Capital One Services, Llc Web-based activation of contactless cards
US11216799B1 (en) 2021-01-04 2022-01-04 Capital One Services, Llc Secure generation of one-time passcodes using a contactless card
US11682012B2 (en) 2021-01-27 2023-06-20 Capital One Services, Llc Contactless delivery systems and methods
US11562358B2 (en) 2021-01-28 2023-01-24 Capital One Services, Llc Systems and methods for near field contactless card communication and cryptographic authentication
US11792001B2 (en) 2021-01-28 2023-10-17 Capital One Services, Llc Systems and methods for secure reprovisioning
US11687930B2 (en) 2021-01-28 2023-06-27 Capital One Services, Llc Systems and methods for authentication of access tokens
US11438329B2 (en) 2021-01-29 2022-09-06 Capital One Services, Llc Systems and methods for authenticated peer-to-peer data transfer using resource locators
US11777933B2 (en) 2021-02-03 2023-10-03 Capital One Services, Llc URL-based authentication for payment cards
US11637826B2 (en) 2021-02-24 2023-04-25 Capital One Services, Llc Establishing authentication persistence
US11245438B1 (en) 2021-03-26 2022-02-08 Capital One Services, Llc Network-enabled smart apparatus and systems and methods for activating and provisioning same
US11961089B2 (en) 2021-04-20 2024-04-16 Capital One Services, Llc On-demand applications to extend web services
US11935035B2 (en) 2021-04-20 2024-03-19 Capital One Services, Llc Techniques to utilize resource locators by a contactless card to perform a sequence of operations
US11902442B2 (en) 2021-04-22 2024-02-13 Capital One Services, Llc Secure management of accounts on display devices using a contactless card
US11354555B1 (en) 2021-05-04 2022-06-07 Capital One Services, Llc Methods, mediums, and systems for applying a display to a transaction card

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1965596A1 (en) * 2007-02-27 2008-09-03 Gemplus A personal token having enhanced communication abilities for a hosted application

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1965596A1 (en) * 2007-02-27 2008-09-03 Gemplus A personal token having enhanced communication abilities for a hosted application

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103034648A (en) * 2011-10-09 2013-04-10 镇江金软计算机科技有限责任公司 Mobile report query system based on OTA (operational transconductance amplifier) technology
CN103918240A (en) * 2011-10-28 2014-07-09 Skc&C株式会社 Communication interface method for SE mounted on mobile device and SE using same
EP2773076A4 (en) * 2011-10-28 2015-07-08 Sk C&C Co Ltd Communication interface method for se mounted on mobile device and se using same
US9332374B2 (en) 2011-10-28 2016-05-03 Sk Holdings Co., Ltd. Communication interface method for SE equipped on mobile terminal and SE using the same
CN103918240B (en) * 2011-10-28 2017-09-22 Sk 株式会社 Communication interface method and the SE using the communication interface method for being equipped with SE on mobile terminals
CN111314201A (en) * 2018-12-11 2020-06-19 腾讯科技(深圳)有限公司 Application data processing method, system and related equipment

Also Published As

Publication number Publication date
WO2010049252A1 (en) 2010-05-06

Similar Documents

Publication Publication Date Title
EP2182439A1 (en) Method of managing data sent over the air to an applet having a restricted interface
US8914489B2 (en) Method of personalizing an application embedded in a secured electronic token
US8814051B2 (en) Personal token having enhanced communication abilities for a hosted application
US10057759B2 (en) Method for personalising a secure element
EP2731381B1 (en) Method for changing the mobile network operator in an embedded sim on basis of special privilege
US20120190354A1 (en) UICCs EMBEDDED IN TERMINALS OR REMOVABLE THERE FROM
EP1810535A1 (en) Method for establishing a secure logical connection between an integrated circuit card and a memory card through a terminal equipment
EP2209080A1 (en) Method of loading data in an electronic device
Madlmayr et al. The benefit of using SIM application toolkit in the context of near field communication applications
US9148783B2 (en) Method of managing sensitive data in an electronic token
US20110294475A1 (en) Method of managing an application embedded in a telecom device
EP2452478B1 (en) Method of managing an application embedded in a secured electronic token
EP2961207A1 (en) Method, server and telecommunications system for establishing, through an OTA server, a secured communication channel between an administrative agent comprised in a device and a third party server
EP2614456B1 (en) Method of analyzing the behavior of a secure electronic token
Sabt et al. Over-the-internet: efficient remote content management for secure elements in mobile devices
US10616212B2 (en) Method of sending a data from a secure token to a server
JP2022050940A (en) Driver program and transaction mediation method
EP3086257A1 (en) Method of managing a secure element embedded in a host device
EP2273758A1 (en) Method of sending messages to an application embedded in a secured electronic token

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MT NL NO PL PT RO SE SI SK TR

AX Request for extension of the european patent

Extension state: AL BA MK RS

AKY No designation fees paid
REG Reference to a national code

Ref country code: DE

Ref legal event code: 8566

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION IS DEEMED TO BE WITHDRAWN

18D Application deemed to be withdrawn

Effective date: 20101106